mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2024-06-01 00:18:07 +00:00
UpdateValidator: Allow updating of your own objects.
This commit is contained in:
parent
2bc2b321b6
commit
57ab698707
|
@ -5,6 +5,7 @@
|
|||
defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateValidator do
|
||||
use Ecto.Schema
|
||||
|
||||
alias Pleroma.Object
|
||||
alias Pleroma.EctoType.ActivityPub.ObjectValidators
|
||||
|
||||
import Ecto.Changeset
|
||||
|
@ -42,13 +43,24 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateValidator do
|
|||
|> validate_data
|
||||
end
|
||||
|
||||
defp can_update?(actor_id, actor_id), do: true
|
||||
|
||||
@updateable ~w{Article Note Page}
|
||||
defp can_update?(actor_id, object_id) do
|
||||
with %Object{data: %{"actor" => ^actor_id, "type" => type}} when type in @updateable <-
|
||||
Object.get_cached_by_ap_id(object_id) do
|
||||
true
|
||||
else
|
||||
_ -> false
|
||||
end
|
||||
end
|
||||
|
||||
# For now we only support updating users, and here the rule is easy:
|
||||
# object id == actor id
|
||||
def validate_updating_rights(cng) do
|
||||
with actor = get_field(cng, :actor),
|
||||
object = get_field(cng, :object),
|
||||
{:ok, object_id} <- ObjectValidators.ObjectID.cast(object),
|
||||
true <- actor == object_id do
|
||||
true <- can_update?(actor, object_id) do
|
||||
cng
|
||||
else
|
||||
_e ->
|
||||
|
|
|
@ -5,8 +5,10 @@
|
|||
defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateHandlingTest do
|
||||
use Pleroma.DataCase
|
||||
|
||||
alias Pleroma.Object
|
||||
alias Pleroma.Web.ActivityPub.Builder
|
||||
alias Pleroma.Web.ActivityPub.ObjectValidator
|
||||
alias Pleroma.Web.CommonAPI
|
||||
|
||||
import Pleroma.Factory
|
||||
|
||||
|
@ -40,5 +42,19 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateHandlingTest do
|
|||
|
||||
assert {:error, _cng} = ObjectValidator.validate(update, [])
|
||||
end
|
||||
|
||||
test "validates a user updating their own note", %{user: user} do
|
||||
{:ok, activity} = CommonAPI.post(user, %{status: "I love cafe"})
|
||||
|
||||
object = Object.normalize(activity)
|
||||
|
||||
updated_object =
|
||||
object.data
|
||||
|> Map.put("content", "I love cofe")
|
||||
|
||||
{:ok, update, []} = Builder.update(user, updated_object)
|
||||
|
||||
assert {ok, _update, []} = ObjectValidator.validate(update, [])
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue